According to TFA:
'If you look at Dell's stock versus HP's, part of the difference has to do with Dell's reputation for owning the customer. There's a sense they own the entire margin and have higher profits because they sell directly. It makes them appear more valuable to Wall Street.'
What?
http://www.google.com/finance?q=HPQ http://www.google.com/finance?q=DELL
Last time I checked HP's stock is HIGHER than DELL's.
What gives?
If you read down the SANS presentation you come to this:
The following list shows how far-reaching this attack proved to be. The
list is a small, categorized excerpt of the 665 domain names from his
site (with my short notes) that were being re-directed to hostile web
servers. It is very important to note that e-mail, FTP logins, HTTPS
sessions, and other types of traffic were also being re-directed to the
malicious servers. We do not believe that the attacker was reading
e-mail or collecting passwords, but we have no conclusive proof to
assert either theory.
Totally browser/machine agnostic attacks, no user intervention. If you look at the names of the sites, many of them are financial institutions! And all of those victims that click okay everytime they get an "invalid certificate" message. Be afraid, very afraid.
Maybe 10% of the population are aware of WEP's weaknesses, but would the other 90% understand what/where/how to conifugre WPA on an AP or gateway? I'm not quite sure that Joe home user should be so worried about his WEP key. Most home users don't have any security policy or strategy (ie. millions of exploited Windows machines sitting directly on the internet), and most businesses have a poor network security policy. As a consultant for a large networking manufacturer, I am amazed at the lengths corporations will go to in securing their wireless network, meanwhile you can walk into unsecured parts of the building and just plug in (no 802.1x), or they have a substandard VPN or internet gateway solution. Maybe it would make more sense for our government to do seminars on security practices for computing(including wireless networking) versus demonstrating a 4 year+ old IV weakness vulnerability?
Slashdot Mirror
According to TFA:
'If you look at Dell's stock versus HP's, part of the difference has to do with Dell's reputation for owning the customer. There's a sense they own the entire margin and have higher profits because they sell directly. It makes them appear more valuable to Wall Street.'
What?
http://www.google.com/finance?q=HPQ
http://www.google.com/finance?q=DELL
Last time I checked HP's stock is HIGHER than DELL's. What gives?
Nope...I meant "thumbs up" AND "FU". Argh just when you think you had it figured out. The sig used to be "witty phrase goes here"
If you read down the SANS presentation you come to this:
The following list shows how far-reaching this attack proved to be. The list is a small, categorized excerpt of the 665 domain names from his site (with my short notes) that were being re-directed to hostile web servers. It is very important to note that e-mail, FTP logins, HTTPS sessions, and other types of traffic were also being re-directed to the malicious servers. We do not believe that the attacker was reading e-mail or collecting passwords, but we have no conclusive proof to assert either theory.
Totally browser/machine agnostic attacks, no user intervention. If you look at the names of the sites, many of them are financial institutions! And all of those victims that click okay everytime they get an "invalid certificate" message. Be afraid, very afraid.
Maybe 10% of the population are aware of WEP's weaknesses, but would the other 90% understand what/where/how to conifugre WPA on an AP or gateway? I'm not quite sure that Joe home user should be so worried about his WEP key. Most home users don't have any security policy or strategy (ie. millions of exploited Windows machines sitting directly on the internet), and most businesses have a poor network security policy. As a consultant for a large networking manufacturer, I am amazed at the lengths corporations will go to in securing their wireless network, meanwhile you can walk into unsecured parts of the building and just plug in (no 802.1x), or they have a substandard VPN or internet gateway solution. Maybe it would make more sense for our government to do seminars on security practices for computing(including wireless networking) versus demonstrating a 4 year+ old IV weakness vulnerability?